Tom,
It seems that when you ask the lawyers whether e-mail (and PEM) has
any legal basis, you must also state whether you are the plaintiff or the
defendant.
Amen! In fact, that is at least part of the concern. No question that
e-mail could potentially be used against you, assuming that the plaintiff's
lawyers can establish admissability of the evidence. This shouldn't
be too difficult if you sent a copy to someone else at the same time,
such as on this list.
The perceived danger, at least in some people's eyes, is that
a digitally signed message might be much more difficult to
refute, almost the equivalent of a notarized paper document,
yet it might obligate the deep-pockets company as well as the
individual.
On the other hand, the corporate and contracts people tend
to wonder whether a digitally signed document is SUFFICIENTLY
enforceable, or whether they will still need all sorts of trading
partner agreements, etc.
So two sets of lawyers can look at the problem, and both
can conclude that digital signatures are too problematic to
want to deal with right now, for diametrically opposed reasons!
This is the problem that I am faced with internally right now.
I'm having to build the business case that says why all of this is
worth doing and offsets the potential risks, not just because the
technology is neat, but because we may be able to save some
real money, make more money, etc. So far, it is a tough sell,
especially since we are the "ivory tower" guys who don't
understand the "real world".
I'm hoping that the upcoming EDI conference will have lots of advice
as to how to get over this hump.
Question to all: Does anyone know of a company that has signed
up with a PCA service provider to be a real, honest-to-God CA,
issuing certificates that are intended for real use in an electronic
commerce context as of yet? It would be a great reference sell.
Bob
Spanish proverb: "It is better to be a mouse in
a cat's mouth than a man in a lawyer's hands. :-)